References of ‘Carrier IQ’, the infamous spware, have just been found in Apple’s iOS. For those who aren’t aware, ‘Carrier IQ’ is the rootkit that Carriers put on many of their phones to monitor customer usage. As previously discovered by a security researcher, ‘Carrier IQ’ monitors keystrokes and sends them back to its own servers. Luckily on iOS devices, it appears to have been cut off from such activities. On iOS, it merely stores information but doesn’t seem to be sending anything as long as ‘Diagnostics and Usage’ in iOS 5 is turned off.
Chpwn, a renowned member of iOS hacker community has published a blog post explaining what ‘Carrier IQ’ references discovered in iOS mean:
Carrier IQ, the now infamous “rootkit” or “keylogger”, is not just for Android, Symbian,BlackBerry, and even webOS. In fact, up through and including iOS 5, Apple has included a copy of Carrier IQ on the iPhone. However, it does appears to be disabled along with diagnostics enabled on iOS 5; older versions may send back information in more cases. Because of that, if you want to disable Carrier IQ on your iOS 5 device, turning off “Diagnostics and Usage” in Settings appears to be enough.
Importantly, it does not appear the daemon has any access or communication with the UI layer, where text entry is done. I am reasonably sure it has no access to typed text, web history, passwords, browsing history, or text messages, and as such is not sending any of this data remotely.
As of now, Windows Phone 7 is the only mobile operating system without this installed. However, if you really are concerned about any information your iOS device is sending to ‘Carrier IQ’, then you can head to Settings > General > About > Diagnostics & Usage > and select ‘Don’t Send.’
In case you’d like to know what information is sent to ‘Carrier IQ’ if the above option is not disabled, here it is:
- CoreTelephony
- your phone number
- your carrier
- your country
- active phone calls
- (However, I only saw it noting that a phone call was active, not what number was dialed or it was received from. But, I am not going to claim it doesn’t do that: it’s certainly possible, but didn’t see it.)
- CoreLocation
- your location (Only, however, if Location Services are enabled.)
